In this post, I will talk about several methods I have used to achieve remote control. It is not a rigorous side-by-side comparison of them, just a diary of my tinkering.
Why do I need the remote control
You may have a question about why not use a laptop, and my answer is very personal and subjective: I have high-performance requirements for my computer and sometimes I have to use the computer outside, but the powerful laptops are too heavy, while the light laptops are not powerful enough. Therefore, a high-performance PC, combined with remote control capabilities, has become my top choice. Of course, I can use a light laptop as the terminal, but an iPad can be cheaper, lighter, and more portable.
There are already some mature remote desktop solutions on the market, like TeamViewer and Splashtop, but their free editions are almost unusable, and the other editions are quite expensive. Besides, having my data pass through their servers always feels like a privacy risk. So, why not build my own service?
Before connecting to my PC from an external network, my iPad has to find my PC first. Since my PC does not have its own public IP, my iPad cannot reach it directly. It’s like there’s a barrier between my iPad and my PC. This is the biggest obstacle I need to overcome: I need to do intranet penetration (NAT traversal).
Intranet Penetration Tool
What is frp?
frp is a fast reverse proxy that allows you to expose a local server located behind a NAT or firewall to the Internet. It currently supports TCP and UDP, as well as HTTP and HTTPS protocols, enabling requests to be forwarded to internal services via domain name.
With frp, I can expose the RDP port (3389) of my PC to the Internet, and then my iPad can find my PC and connect to it.
How to use it?
There are already many tutorials about frp on the Internet, so I won’t go into details here, and just briefly talk about the process and precautions.
Prepare a server with a public IPv4 address (an IPv6-only server works too, but it could be a little bit complicated). You can rent a server from Amazon, Azure, Oracle, and other cloud hosting providers. Amazon provides a free tier for 12 months; Azure also provides a 12-month free trial but only for students; Oracle provides two “always free servers”. SO YOU DO NOT NEED TO THINK ABOUT THE PRICE.
Deploy the frp service on both your server and your PC. On your server, you should use frps, while on your PC, you should use frpc. My frpc configuration:
[common]
server_addr = .***.***.
server_port = 7000
type = tcp
token = *********
tls_enable = true
log_file = ./frpc.log
log_level = info
# proxy section; the name is arbitrary
[rdp]
type = tcp
local_ip = 127.0.0.1
local_port = 3389
remote_port = 7001
Open all ports that frp needs to use on your server. For example, I need to open both 7000 and 7001 on my server.
Enable remote desktop on your PC.
There is a risk. Since iPads do not support the safe mode of frp, you have to open your RDP port to the entire Internet. If someone brute-forces your Windows username and password, the consequences will be disastrous. Although I have been using frp for nearly a year and this kind of problem has not occurred, my port does receive a lot of requests every minute. Therefore, I have to close the port on the server after each use and reopen it before the next use. It’s a little troublesome.
Besides, if you have never used a Linux server before, it might be quite difficult to correctly start a
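A small audit of a client config like the one shown above, as an added example that is not part of the original post: it flags a sensitive service published through a plain tcp/udp proxy, a missing token, and tls_enable not set to true. The sample config (address, token, section name) and the audit_frpc helper are constructed for illustration.

```python
import configparser

# Constructed sample modelled on the config above; address and token are placeholders.
SAMPLE_FRPC_INI = """
[common]
server_addr = 203.0.113.10
server_port = 7000
token = example-token
tls_enable = true

[rdp]
type = tcp
local_ip = 127.0.0.1
local_port = 3389
remote_port = 7001
"""

# Local services whose public exposure invites password guessing.
SENSITIVE_PORTS = {3389: "RDP", 22: "SSH", 5900: "VNC"}


def audit_frpc(ini_text):
    """Return a list of (section, finding) tuples for an INI-style frpc config."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    findings = []
    common = cfg["common"] if cfg.has_section("common") else {}
    if not common.get("token", "").strip():
        findings.append(("common", "no token set for authenticating to frps"))
    # Only an explicit "true" is accepted here.
    if common.get("tls_enable", "false").strip().lower() != "true":
        findings.append(("common", "tls_enable is not true for the frpc-to-frps link"))
    for name in cfg.sections():
        if name == "common":
            continue
        sec = cfg[name]
        ptype = sec.get("type", "tcp").strip().lower()
        port = sec.getint("local_port", fallback=0)
        # Plain tcp/udp proxies listen on the server's public remote_port.
        if ptype in ("tcp", "udp") and port in SENSITIVE_PORTS:
            findings.append((name, f"{SENSITIVE_PORTS[port]} (local_port {port}) is published "
                                   f"on remote_port {sec.get('remote_port', '?')} to the whole Internet"))
    return findings


if __name__ == "__main__":
    for section, finding in audit_frpc(SAMPLE_FRPC_INI):
        print(f"[{section}] {finding}")
```

Even with a token and TLS configured, the sample still produces the RDP finding, because those settings protect only the link between frpc and frps, not the public remote_port.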
About ZeroTier One
ZeroTier is a smart programmable Ethernet switch for planet Earth. It allows all networked devices, VMs, containers, and applications to communicate as if they all reside in the same physical data center or cloud region.
This is accomplished by combining a cryptographically addressed and secure peer to peer network (termed VL1) with an Ethernet emulation layer somewhat similar to VXLAN (termed VL2). Our VL2 Ethernet virtualization layer includes advanced enterprise SDN features like fine grained access control rules for network micro-segmentation and security monitoring.
How to use it?
Using it can be summarized as two steps: registration and connection.
Register an account at my.zerotier.com.
Create A Network
Download and install it
Copy the NETWORK ID and paste it into “Join ZeroTier Network” (on both your PC and iPad)
Give your two devices permission to access the network in the dashboard. (CHECK the
Then, your two devices can ping each other even when they are on different LANs.
In certain network environments, it may become unstable or even unavailable. For example, when you are using a mobile network like 4G or 5G, there will be frequent IP changes. Therefore, you need to frequently rebuild the UDP tunnel between your devices, and you’ll feel noticeable lag. Furthermore, if one of your devices is behind a symmetric NAT or if the two devices are on different ISPs, you are very likely to be unable to establish a UDP tunnel.
Remote Control Client
RD Client is an app developed by Microsoft, and it allows you to access your PC remotely and smoothly with very low bandwidth (3 Mbps). You can download it directly from the App Store.
Then, add your PC and try to connect to it.
If you are using an NVIDIA GPU, and your network bandwidth is big enough (larger than 5 Mbps), Moonlight is also a good choice.
Moonlight (formerly Limelight) is an open source implementation of NVIDIA’s GameStream protocol. We implemented the protocol used by the NVIDIA Shield and wrote a set of 3rd party clients.
You can stream your collection of PC games from your GameStream-compatible PC to any supported device and play them remotely. Moonlight is perfect for gaming on the go without sacrificing the graphics and game selection available on PC.
It is more complex to set up than RD Client, and you should follow the SETUP GUIDE to avoid unnecessary problems.
Apart from the ones I mentioned like frp and ZeroTier One, there are also apps like RustDesk. Since I haven’t personally used them, I won’t provide an evaluation.
During my exploration of intranet penetration, I encountered many challenges. For instance, when addressing security concerns with frp, I attempted to use the Shadowsocks protocol to protect the externally exposed ports of frp. Unfortunately, this attempt was unsuccessful.
Moreover, dealing with a symmetric NAT in my campus network posed difficulties for ZeroTier One tunnel punching. Ultimately, I had to approach the network administrator to obtain a fixed internal IP address for stable remote control within the campus (it was achieved through port forwarding rather than intranet penetration).
Despite these hurdles, I found great enjoyment in the process, which perhaps reflects the essence of exploration.